The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Issue How to automatically exchange an AD imported certificate for a user.
Known to apply to the following Sophos product(s) and version(s) SafeGuard Management Center version 6.0 and above
SafeGuard Enterprise provides a tailor-made solution that allows the exchange or swap of user certificates and P12 files synchronously in the Microsoft AD, the SafeGuard Enterprise DB, and on the SafeGuard Enterprise client machine.
This means that a user can still only have one certificate at any given point in time, but a synchronized sequence of events allows the exchange of the user certificate and P12 file in one consolidated action.
To change a user’s certificate for token logon:
The certificate is assigned to the user as a standby certificate. This is indicated by a tick in the Standby column of the user’s Certificates tab. After that synchronization between the endpoint computer and the SafeGuard Enterprise Server. The status dialog in the SafeGuard Enterprise System Tray Icon will now indicate that the endpoint computer is 'Ready for certificate change'.
The user now has to initiate a certificate change on the endpoint computer.
To change the certificate on the client computer:
The new token is valid for POA logon. The old token is no longer valid for logon. After the user has changed the certificate on the endpoint computer, the certificate is also renewed on the SafeGuard Enterprise Server during the next synchronization. This removes the old token from the user’s Certificates tab in the SafeGuard Management Center. The new token becomes the standard token for the user. Note: In the SafeGuard Management Center, both certificates can be deleted separately. If only a standby certificate is available, the next certificate is assigned as the standard certificate.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.